Cryptocurrency wallet manufacturer BitFi has become the latest challenger to fail in its bid to disprove the well-established cybersecurity axiom that nothing is unhackable. A team of researchers recently published evidence that they successfully sent signed transactions with the wallet by modifying the device, connecting to the wallet's server and transmitting sensitive data with it. Meeting these conditions would entitle the team to a $10,000 bug bounty issued by BitFi. BitFi has yet to acknowledge whether it will pay the bounty.
While this may be the first effort to successfully meet the terms of one of BitFi's bounties, it follows a number of successful efforts to compromise the device, including one instance where a 15-year-old hacker modified the firmware to play the video game Doom, after BitFi executive chairman and one-time anti-virus pioneer John McAfee personally backed a bounty challenge of $100,000 on July 24. McAfee and BitFi balked at these earlier hacks and refused to pay the bounty, claiming that they did not match the terms of the bounty to the letter, and even sent threatening tweets aimed at the hackers – responses that earned BitFi an award for worst vendor response at DEF CON earlier this month.
Despite BitFi's dubious claims of "fortress-like security" – McAfee later conceded that calling the wallet unhackable may have been "unwise" – the bounty program seems to have been a success at least from a marketing perspective. BitFi touts its ability to support an unlimited number of cryptocurrencies and allow users to generate a secret phrase to control the device, as opposed to a 24-word mnemonic seed. Further, BitFi touts itself as completely open source, so the user stays in control of the funds even if the manufacturer of the wallet ceases to exist.
For further reading, please see the following:
- 'Unhackable' Crypto Wallet Reportedly Breached, Hackers Claim to Meet Bounty Conditions
- 'Unhackable' BitFi crypto wallet has been hacked
- John McAfee's 'unhackable' cryptocurrency wallet has been hacked (again)
- McAfee: Calling Bitfi unhackable may have been 'unwise' but it was great marketing